The Drum Awards for Marketing - Extended Deadline

-d -h -min -sec

Martech Cyber-security Data Management

Top 3 ways brands can develop their cyber security strategy in a time of risk

Acxiom

|

Open Mic article

This content is produced by a publishing partner of Open Mic.

Open Mic is the self-publishing platform for the marketing industry, allowing members to publish news, opinion and insights on thedrum.com.

Find out more

April 19, 2022 | 6 min read

With an increased global focus on cyber security, Acxiom’s Beth-Anne Bygum, chief security and compliance officer, discusses how our understanding of cyber security needs to evolve – including for marketing and advertising

Businesses across all geographic regions are being urged to “harden your cyber defenses” due to increased risk of cyberattacks.

Encouraging organizations to defend against an increasingly aggressive threat is sensible advice at any time. But what does cyber defense really mean for today’s brands?

After a period of accelerated digitalization, cyber security is no longer just about adding a firewall or protecting a password. It’s a concept that is continually evolving in response to technological development and changes in the risk landscape.

Today, one of the biggest threats to a brand’s reputation, revenue, and indeed, existence, is the loss of data to or misuse of data by a criminal third party. The associated loss of trust can lead to the severest consequences, something that consistently comes up in research around individuals' concerns when it comes to data.

Brands therefore, have no choice but to develop capabilities with security at the core if they want to maximize their use of data in a manner which maintains data protection expectations, resilience, and compliance as they compete in a transformative digital landscape. This requires a fundamental mindset shift in three key areas:

1.) Cyber security must become more intentional

When it comes to cyber threats, the outdated perception of lone hackers operating in the shadows needs to be put aside. Cyber attackers are well informed, organized, funded, and are in business for the sole purpose of financial gain. This is clearly illustrated by their aptitude for setting ransom levels according to risk in order to increase the likelihood they will be paid, as happened with the Colonial pipeline breach.

Threat actors are singularly focused. They have automated processes, and understand how to leverage architecture and engineering to find any point of weakness that may enable a hack, infrastructure compromise, or data leak. The brands who are under attack can rarely be this single focused. They need to balance multiple priorities, meaning cyber defense isn’t always at the front of the line for investment. And cyber attackers know that, too.

It’s time to approach cyber security with a different attitude. If the threat actors are operating with intention, then brands have to do the same. Brands need to continually advance their understanding of cyber protection as it relates to the technologies they use every day. They need to invest in training and deploying security resources where they are needed. Cyber security and data protection are no longer about policy, they’re about defense. And this defense needs to happen at the code level.

2.) Data protection should happen at the code level

When we talk about data protection at code level, we’re really talking about algorithmic integrity and fairness. This subject is often discussed from the viewpoint of bias, which is an important conversation in itself. But in relation to data protection and cyber security, we need to think about algorithmic integrity in terms of code, which is essentially making sure algorithms maintain the ability to demonstrate their innate design while ensuring the confidentiality and integrity of the results.

In the digital age – and particularly in the martech and adtech ecosystems – systems are accessing and moving data at speeds faster than traditional human-based access identity models. With a web of integrated workflow calls, data is moving back and forth between systems without human intervention, and being used by algorithms for automated decisioning. It’s therefore vital that the code behind those algorithms is operating as intended.

Data hygiene at code level needs to focus on making sure algorithms maintain fit-for-use status; that the systems brands use – whether in-house or third-party – are built using security-by-design methodologies. In other words, the algorithm won’t work if security safeguards are disabled or circumvented. Data hygiene at this level ensures nobody can compromise the code, and subsequently the integrity of the algorithms.

Few brands currently employ data hygiene practices at the code level. Many concentrate their data protection efforts on working toward specific governance frameworks that demonstrate best-in-class design and theory. While these frameworks are undeniably valuable, it is quite possible to pass them using evidence pulled from the right policies and procedures, while still experiencing systemic hygiene issues at the code level, which can result in security breaches.

Engaging in conversation and education to encourage data hygiene at code level is vital, and is something that will require a unified approach across the industry.

3.) Collaboration across the industry will be critical

The importance of industry-wide collaboration on cyber security cannot be overstated. The only way to combat highly organized threat actors is to press forward in a united and integrated way.

All brands face similar cyber threats, so countering them together makes perfect sense. Organizations need to learn to recognize each other's NDAs not just to indemnify each other, but also to practice together, train together, and learn together. By overcoming their resistance to working with market competitors and sharing information in an antitrust compliant way to protect each other, brands have a far greater chance of countering cyber security threats.

This collaborative approach should also be adopted by security providers, who need to make solutions interoperable to provide an effective cyber defense fabric, rather than forcing brands to choose from a disjointed patchwork of tools. And it must extend to making third-party providers and other participants within the adtech and martech space accountable for cyber security and data protection.

At Acxiom – a marketing and customer experience company that operates as a central service provider to upstream and downstream strategic partners – we are continually pressure-tested to ensure we can deliver the resilience our partners and our clients need. Last year alone, we responded to over 600 data security audits. And with many of our customers in highly regulated industries such as financial services or healthcare, we are audited with the same level of oversight and integrity as the businesses operating within those sectors. This shared accountability isn’t yet the norm across the adtech and martech ecosystems but it should be, with providers held to the same level of rigor as the brand partners they serve.

As the threat landscape continues to evolve, cyber security will need to keep up. Brands will need to change their perception, addressing cyber protection with the same intention as threat actors and ensuring algorithmic integrity at code level. Resilience to cyber threats will require collaboration from all of us across the security ecosystem.

Martech Cyber-security Data Management

Trending

Industry insights

View all
Add your own content +